Windows Ransomware Attack Underway

Patch Available for Ransomware Attack


You are going to want to cry–unless you make sure you are protected

WannaCry Ransomware

Wordfence security software has announced that they have confirmed a serious virus called WannaCrypt0r/WannaCry has affected Windows computers. Reputed to affect computers on shared networks, the virus has been reported in at least 74 countries worldwide.

According to Kaspersky Lab there have been more than 57,000 individual instances reported to date. And that number is growing rapidly.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

This virus is of the type known as ransomware.

Why ransomware? Because it will take over your computer, completely locking it down. You can’t access anything. Then a pop-up screen appears, announcing that you can liberate your device by paying them for a special tool or decryption device.

Is Your Windows Computer Safe from this Ransomware Attack or Infected?

Clearly, if you see the ransom notice on your computer, then you have been compromised.

However, experts don’t yet know how long the virus may be resident on your computer BEFORE it actually takes over and locks up your system.

Have you accessed a public network with your computer? If you took your laptop to a cafe or used it at another place of business, for example, then you may have received the infection.


The Good News

Microsoft has been aware of this vulnerability and released a fix back on March 14th for Windows. If you have automatic updates enabled, you should be fine.

If you don’t have automatic updates enabled, be sure to check that you have the latest release.

Click to read more about Microsoft’s take on ransomware attacks.

There are older versions of Windows (XP, for example) that are no longer supported by Microsoft. These did not receive the security update–although there are reports that Microsoft is changing that policy and may issue, or may have already issued, a patch for these users as well.


This report is courtesy of our friends at Wordfence.com. To read more about this specific attack, please read their May 12, 2017 blog post.

Kaspersky Lab is a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom.

Learn more about internet security and keeping your online business safe.

Dump QuickTime Now

Apple No Longer Supporting QuickTime on Windows, vulnerabilities found

Apple insists the QuickTime plugin will still work; however, it has not been properly updated to work well with Windows 8 or Windows 10.

Now is the time to dump QuickTime, at least according to the United States Computer Emergency Readiness Team, an organization within the Department of Homeland Security. US-CERT, as they are otherwise known, is tasked with keeping the internet safe.

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

Industry experts and the government are urging us to remove QuickTime from our Windows computers. This reaction is not solely because of Apple’s decision to not support the plugin for Windows. Two critical vulnerabilities have been discovered that, if QuickTime is left on your computer, could leave your system open for attack. Since Apple is no longer supporting the plugin, these openings are not going to be patched.

According to Trend Micro:

…ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.

US-CERT also recommends uninstalling the plugin from your Windows-based computers:

…using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime

Many Windows users wonder about how they should play videos if they no longer use QuickTime. Fortunately there are many options available to us. You can still use an Apple product, iTunes, to play video and audio files. Your Microsoft computer should also have a built-in media player that will also work. Of course there are other companies who provide players as well if you are interested in a third-party solution.

The lack of support is not new. Companies often phase out support for older products. Microsoft itself no longer supports Windows XP, and is scheduled to stop supporting Vista this year and Windows 7 in 2020. Apple actually began this phase-out in 2013. In January of this year the QuickTime browser plugin for Windows was axed.

QuickTime 7, which is the latest version of the product, was introduced in 2005. It has been replaced on Mac machines since 2009. Those machines use the newer QuickTime X, which according to Trend Micro, doesn’t have the same vulnerabilities. There is no “X” version of QuickTime for Windows.

We find it interesting to note that Apple still has a link on their site allowing users to download the QuickTime plugin for Windows. Apple does not state on their site that the plugin will no longer be supported, nor do they, at the time of this writing, urge users to uninstall the plugin.


Sources: Wall Street Journal, 9 to 5 Mac, The United States Computer Emergency Readiness Team, Trend Micro

Did Plugin Result in Resignation of Iceland’s PM?

Could the Panama Papers Breach Have Been Avoided with Basic WordPress Security?

Read how a simple WordPress plugin may have enabled Panama Papers leak


By now just about everyone has heard about the “Panama Papers Breach.” The fallout is still coming from this leak of over 11.5 million documents, but at the very least the Prime Minister of Iceland has been forced to resign as a result. Russian President Putin and British Prime Minister David Cameron are also caught up in the controversy.

The Panamanian law firm Mossack Fonseca is at the center of the swirl. Our friends at WordFence security have done some testing and they have made a shocking discovery:

The Panama Papers Breach may have been a result of an outdated WordPress Plugin!

Forbes has reported that Mossack Fonseca (abbreviated as MF…how appropriate!) provided a portal for their customers to access their data. This portal reportedly was using an old, vulnerable version of Drupal. WordFence did their own digging and found this:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server.

Viewing this link on the current MF website to a Revolution Slider file reveals the version of revslider they are running is 2.1.7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.

MF has since put their website behind a firewall, but this happened only within the last month.

On top of having an out of date plugin, and providing access to their website via an unprotected portal, it seems that MF also used the same server for their website as their email server.

While these hackers may have done the world a service by exposing corruption, learn a lesson from the failings of MF. Protect your business and your clients by securing your website.


Read more, or watch the video on CNN here

Read more about the possible plugin connection on WordFence’s blog here

Is Your Website Back Door Unlocked?

Over 300,000 Users May Have: Read Latest Website Security Update and Make Sure You are Locked Down

Website Security Updates from Internet Advertising that Works

The plugin User Role Editor has been reported to provide a backdoor way for your users to gain controls that you may not want them to have.

This popular plugin, which has more than 300,000 active installations has a serious vulnerability.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site, be sure to upgrade to the latest version (currently that is 4.25).


Read more of the technical bits on the WordFence blog post here

Top WordPress Website Security Tips

How to Prevent Hackers from Entering Via Biggest Risk: Your Plugins


Although most website owners and managers who have had the unfortunate experience of being hacked don’t actually know HOW their site was compromised–of those who do, over 50% know it was from a plugin.

Does that mean that you should not use plugins on your website? Of course not, they are part of the beauty of WordPress websites. Plugins add specific functions to our websites without the website owner having to know a whole bunch of code.

Plugins play a big part in making WordPress as popular as it is today. As of this writing there are 43,719 plugins available for download in the official WordPress plugin directory. That is an incredible selection of plug and play software. But you obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.

How do you take advantage of plugins while simultaneously being smart about your WordPress website security?

Keep Plugins Current

We know it can seem like a hassle when you have to update your plugins all the time. But that hassle is so minor compared to the hassle of getting hacked–cleaning up your website, lost time, lost revenue, lost clients, lost business potential. It is definitely worth it.

So when you get a notice that your plugin has an update available, it is a good idea to update. (We do recommend making regular backups of your website as well. Your plugin update may not work with your existing theme, for example. So you want to have a recent backup before you update plugins.)

Get Rid of Abandoned Plugins

If you have a plugin that has not been updated in at least 6 months you should seriously consider a different plugin. This is generally a sign that the developer is no longer supporting the plugin, otherwise known as having abandoned it. That means no one is looking out for your WordPress website security at all. A perfect way for a hacker to get in.

Less is More

Use as few plugins as you can to get the job done. If you have deactivated the plugin, take it off your site. If you don’t need it, don’t upload it–or get rid of it.
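If you or your webmaster are comfortable running a script, the three checks above (current, not abandoned, not sitting deactivated) can be run over a copy of the wp-content/plugins folder. This is an added example, not code from Wordfence or from the original article. It assumes the folder names "revslider" and "user-role-editor", uses each file's modification time as a stand-in for "last updated", takes the list of active plugins from the caller, and builds a constructed sample folder in which "old-gallery" is a made-up plugin.

```python
import os
import re
import tempfile
import time

# Thresholds quoted on this page. (limit, inclusive): inclusive=True means the
# limit itself is still vulnerable; False means the limit is the fixed release.
KNOWN_BAD = {
    "revslider": ("3.0.95", True),         # "up to 3.0.95 are vulnerable"
    "user-role-editor": ("4.25", False),   # "upgrade to the latest version" (4.25)
}
STALE_AFTER = 183 * 24 * 3600              # the "at least 6 months" rule of thumb
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)


def vkey(version):
    """'4.25' -> (4, 25, 0, 0), so versions compare numerically, not as text."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    return tuple((nums + [0, 0, 0, 0])[:4])


def read_header(php_path):
    """Parse the plugin header comment; WordPress reads only the first 8 KB."""
    with open(php_path, "rb") as fh:
        head = fh.read(8192).decode("utf-8", "replace")
    return {key.lower(): value.strip() for key, value in HEADER.findall(head)}


def audit(plugins_dir, active, now=None):
    """Return {folder name: [findings]} for each plugin needing attention."""
    now = time.time() if now is None else now
    report = {}
    for slug in sorted(os.listdir(plugins_dir)):
        folder = os.path.join(plugins_dir, slug)
        if not os.path.isdir(folder):
            continue
        version, newest = None, 0.0
        for name in os.listdir(folder):
            path = os.path.join(folder, name)
            if not os.path.isfile(path):
                continue
            newest = max(newest, os.path.getmtime(path))
            header = read_header(path) if name.endswith(".php") else {}
            if "plugin name" in header:
                version = header.get("version")
        findings = []
        if slug in KNOWN_BAD and version:
            limit, inclusive = KNOWN_BAD[slug]
            if vkey(version) < vkey(limit) or (inclusive and vkey(version) == vkey(limit)):
                findings.append("vulnerable " + version)
        if now - newest > STALE_AFTER:
            findings.append("stale")       # assumption: file mtime ~ last update
        if slug not in active:
            findings.append("inactive")    # deactivated: take it off the site
        if findings:
            report[slug] = findings
    return report


def make_sample(root, now):
    """Constructed sample tree; 'old-gallery' is a hypothetical plugin."""
    plugins = {"revslider": ("2.1.7", 30), "user-role-editor": ("4.25", 10),
               "old-gallery": ("1.0", 400)}
    for slug, (version, age_days) in plugins.items():
        os.makedirs(os.path.join(root, slug))
        path = os.path.join(root, slug, slug + ".php")
        with open(path, "w") as fh:
            fh.write("<?php\n/*\n * Plugin Name: %s\n * Version: %s\n */\n" % (slug, version))
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))
    return root


if __name__ == "__main__":
    now = time.time()
    active = {"revslider", "user-role-editor"}
    with tempfile.TemporaryDirectory() as tmp:
        for slug, findings in audit(make_sample(tmp, now), active, now).items():
            print(slug, findings)
```

On the sample folder this flags revslider 2.1.7 as vulnerable and old-gallery as both stale and inactive, while User Role Editor 4.25 passes.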

Use Reliable Plugins

Many plugins are available from the official WordPress site, but not all are. Don’t let a hacker trick you into loading an open doorway for them to get into your store.

How do you know if a site is reputable or not? Here are the suggestions from Wordfence, the WordPress website security software that we use and recommend.

  • Eye Test – Is the site itself professionally designed and uses clear language to describe the product? Or does it look like it was thrown together quickly by a single individual?

  • Company Information – Does the site belong to a company with the company name in the footer?

  • TOS and Privacy Policy – Do they have terms of service and a privacy policy?

  • Contact Info – Do they provide a physical contact address on the contact page or in their terms of service?

  • Domain Search – Google the domain name in quotes e.g. “example.com”. Do you find any reports of malicious activity? Add the word ‘theme’ or ‘plugin’ next to the quoted domain name in your search and see what that reveals.

  • Name Search – Do a Google search for the name of the plugin and see if any malicious activity is reported. Add the phrase “malware” or “spyware” to the search which may reveal forums discussing a malicious version of the theme being distributed.

  • Vulnerability Search – Do a search for the theme or plugin name or the vendor name and include the word “vulnerability”. This will help you find out if any vulnerabilities have been reported for the product you’re interested in or for the vendor. If they have fixed the vulnerability in a timely manner, that usually indicates they are a responsible vendor who is actively maintaining their product when problems arise.

Plugins are certainly not the only source of hacking. In order to protect your website and maintain a level of internet security here are some additional pointers:

Select your usernames and passwords with care. Make them unique and different: don’t use the same one for all your sites, make them hard for someone to guess.

Use some sort of website security. We use Wordfence, we appreciate the training and education they provide, along with common breaches to look out for. It is available in a free version and a paid version. The paid version doesn’t cost much and we find that it saves us enough time that it is worth it–but start with the free account if you want to try it out.

There are other options out there as well, so whether you use Wordfence or another product–protect your internet asset one way or another. We don’t get paid for recommending them, it is just who we use.


Thanks to our friends at WordFence for the original article, which can be read on their blog here. The graphic is from the same article.

WordPress Users Vulnerable Unless Updated Immediately

Read Why it is Imperative to Update Now

This is a major WordPress security as well as maintenance release.

Certain bugs were fixed, as well as an open redirection vulnerability.

According to WordFence, a security plugin for WordPress sites:

Because we expect an exploit to appear in the wild so soon, we recommend an immediate upgrade to WordPress 4.4.2.

Sadly, unscrupulous people seek out ways to attack any website or platform. Twitter has been shown to be vulnerable as well as your website.

Many, if not all sites will update automatically. But be safe and double check that this important WordPress security release has been updated on your site(s).

If you are not sure how to know what release you have, take a look at this image as a guide. Simply click on the Dashboard icon in the left column. Then, once you are on your website’s WordPress dashboard, look in the “At a Glance” section. It will tell you the version of WordPress you are running and what theme (greyed out in this picture.)

WordPress 4.4.2 security release

Be sure to take security precautions seriously. If for no other reason than trying to fix a hacked site is a royal pain in the…neck and nether regions.

Keep blogging and marketing your business. Just take precautions, as you would with your brick and mortar business.


Thanks to our friends at WordFence for keeping our sites safe. Read their article on this update here.

Read WordPress.org’s info on the release here.

Is Your Website Safe from Hackers?

WordPress Users Take Note of Security Updates

If you have a website then you may very well be using WordPress. We love it, it is easy and flexible, and one of the most popular website platforms around.

That being said, as with any website, it is important to be sure that your site is secure. The last thing you want to do is find that someone has hacked into it…

Read this article from Wordfence, one of the specialists in WordPress security.

WordPress Security January Roundup: Core XSS and 4 Plugin vulnerabilities

Banner Ad Scams Too Good To Be True

If you have a website or blog you have probably been hit up by “professionals” who are interested in “helping you” in a variety of ways. Sadly, many of these so-called pros are actually out to scam you. They may be after your money or they may be looking to infect your computer or your website with malware.

I am not an IT expert, I know enough about my computer and coding to get the job done–most of the time. I do have a good sense when something feels squirrelly. One of my sites was hacked once and I can tell you from personal experience that it was a royal PIA to get it cleaned up. Frankly, I don’t understand how people get their jollies this way–that site was not making any money, so it certainly wasn’t to make financial gain!

I digress…as I so often do 😉

The latest came through my contact form. The good news is that I can safely read the messages from my contact form. The other good news is that I was smart enough, awake enough, alert to the possibility enough (you choose the descriptor you think is right) to NOT click on the link.

Whenever I have a question about if something is legitimate I do a simple Google search. And guess what I found this time? Yep, lots of people are reporting this scam.

Here is the content of the message I got (please do not go to the URL listed–I have definitely NOT activated the link, but want you to be able to see the full scam)

Subject:     Contact Form Results
From:    Josephine Bergson <josephine.bergson@lltconsulting.net>

Josephine Bergson wrote:
Hello!

My name is Josephine Bergson representing the advertising department of the LLT
Consulting company. We are interested to place ads (banners), of your choice, on
your websites.

Design and sizes can be seen on our website at www.lltconsulting.net/id_fvo24fca/
Depending on the banner size you choose we can pay up to $950.00/month.

If you are interested to become an advertising partner please let me hear from you.

Kind Regards,
Josephine Bergson
josephine.bergson@lltconsulting.net

Website:
IP: 209.222.26.85

Sounds great, doesn’t it? Too good to be true? That’s because it is!

This might be a great deal, but one of the flags is the dollar amount they are “offering”…but you don’t have to just take my word for it.

Read what a couple IT/high tech guys have to say about this scam (these links ARE active and click away!)

Michael Sheehan AKA HighTechDad: http://www.hightechdad.com/2015/01/22/blogger-warning-llt-consulting-banner-ad-scam/

and Len at Telapost: http://www.telapost.com/bloggers-scam/

Both these guys give good hints on how to determine if what you are being offered is spam. I love this part, do a simple “who is” search and “if the domain is new, registered to a funny name, in a foreign country, renewed recently, and does not belong to a legitimate sounding company you can be sure that the email has ill intentions.” (Thanks Len for that quote).

Also, be realistic, not greedy. If your site doesn’t get significant traffic (yet) then you probably won’t be getting these kinds of offers. If the money seems too good to be true, it probably is.

Clicking on links can load your computer with a malware or trojan. Len stated that he believes this single scam has affected hundreds of machines or more already. If you are one of the unfortunates who did click the link, check these guys out for suggestions on how to clean your machine.

To your successful online business–and pooh on scammers!

Not All Website Traffic is Good

In the world of internet advertising, marketers often look at website traffic as an indication that their work is successful.


It may seem like the more traffic that is coming to your website the better, right?

Not necessarily.

Think about it like you would your brick and mortar store. You certainly want more “boots in the door” as one client puts it. But you want more than that as a business owner. You want people who will actually buy your products or pay for your services.

That doesn’t mean that every person who comes in the door has to buy something on the spot or you will kick them to the curb! Depending on your business you may actually have plenty of activity that does not, in that moment at least, seem to generate income.

Potential customers may browse through your shop and not buy now. For some, they look around and learn that your store does not fit their needs or style. Others like it, but don’t see anything right at this moment–but they probably will come back.

You may be a service business and provide free consultations. Perhaps you have a business where you offer free samples. These are types of advertising where you spend your time and/or money/goods in the hopes that you will get some customers. You know that you will not convert all of these trials into clients or customers, but if you are doing it right you will get more than enough to make this a great way of getting new business.

Now apply this logic to your website traffic. You may offer products for sale directly on your website, you may provide information that potential customers “consume” online as a way to get to know you (“a sample”), or your website may allow them to book an appointment, reach you by phone, etc.

These are all great forms of traffic. Some may convert to paying customers. Some will not. Just like the storefront example, there will be potential customers who decide that you are not a good fit for their current needs. That is OK. You don’t want or need every single human being on the face of the planet to be your customer. You want the RIGHT customers.

So when is website traffic NOT good traffic?

Let’s look at the storefront example again. Do you want to have a bunch of people who have absolutely no intention of buying your products or services loitering about, making it hard for your ideal customer to get through the door? Nope, you don’t. Do you want people coming in who are going to steal from you? Of course not.

You may not have a problem with too many people loitering around your site in cyber-space, but we can have problems with people trying to “break in” to our sites. These hackers may try to get in through the front door or they may use sophisticated code to try to come into your site through the backdoor.

Just as you might have security cameras to monitor and safeguard your physical doors, you will want to safeguard your cyber-doors as well.

Hackers will try to break into sites for many reasons. Sometimes it will be to try to get sensitive data. But just because you don’t collect information or accept payment on your website don’t think that you are uninteresting to cyber-thieves.

Be sure that your webmaster is keeping your website protected. The last thing you want to have happen is to look at your website and discover that it has been hacked. Best case scenario it is merely inconvenient–an inconvenience that takes time and money to fix. Something you just don’t need when you are trying to run a business.

Shhh…the Secret Password Is…

As a local business owner, you might not spend a lot of time online, but when you are online you want to be as safe and smart about it as you can.

You wouldn’t hand over your business credit card voluntarily to just anyone, right? You lock up your store every night when you leave. And you certainly wouldn’t open your safe and say “have at it” to a stranger!

It is important that we take our internet safety just as seriously as we do our bank accounts. We don’t want to let people into our websites and online accounts like PayPal or other financial institutions without our permission any more than we would want them climbing into our brick and mortar windows.

One of the best ways to do this is to have strong passwords.

Here are some tips for passwords to avoid:

  • The word “Password”
  • Your birthday or anniversary
  • Your mother’s maiden name (not your wife’s either)
  • Numbers or letters in a sequence
  • The same password for multiple logins
  • Your name, legal or nickname
  • Names or birthdates of your spouse or children

Most sites have specific requirements or limitations on creating a password, so be sure to pay attention to those.

Tips on making a strong password–

  • Have it be at least 8 characters long
  • Use a combination of numbers, upper and lower case letters and at least one special character
  • Try a password generator (although they can be really hard to remember)
  • Think of a sentence that you will remember and use the first letter of each word, adding at least one number and one special character

Keeping it all straight can be a challenge.

Remember to keep track of your passwords and update them periodically. Some sites expire your passwords for you after a set period of time.

There are password managers available, such as Roboform, which are really helpful if you have a lot of passwords to remember. You can download the free version, which is more than enough for most people. It fills in your passwords for you so you don’t have to remember them or worry about typing mistakes on those complicated ones. It is available for Windows, Mac, iPhone & iPad, and for Droids.

Updated June 2016: there is also a business version of Roboform available here.